  1. #1

    * <2.4.23 kernel warning!

    Linux Kernel do_brk() Vulnerability

    Highly recommend upgrading to v2.4.23 (I tested the exploit code on my own server)

    http://www.securiteam.com/unixfocus/6R0012095O.html
    Alex

  2. #2
    But I don't know which kernel version is in my box!! How do I know which version, then?

  3. #3
    Run from SSH:

    uname -a
    Alex

  4. #4
    http://www.webhostingtalk.com/showth...hreadid=212652


    If they haven't upgraded yet they prolly never will
    -Mat

  5. #5
    Or they are already owned. The exploits are very readily available and I'm sure many people have script kiddie wannabes as clients.
    http://www.eBoundary.com - Let us help you expand your eBoundaries!
    Fast, Secure and reliable FreeBSD shared, reseller and dedicated hosting.
    FREE Peace of mind with every account!

  6. #6
    I upgraded it weeks ago. On the 1st of December or so.
    Like us on Facebook to qualify for discounts!
    http://www.sprintserve.net
    Offering: | Internap FCP Bandwidth! | Rebootless Kernel Updates! | Magento Optimized Hosting | Wordpress Hosting |
    Services: | Managed Multiple Cores 64bit Servers | Server Management |

  7. #7
    Doesn't work on Red Hat 9 machines. I tested it on my own machine running 2.4.20-24.9 and another machine running 2.4.20-20.9smp, and on each of them it compiled correctly but does not execute due to a segmentation fault.

  8. #8
    That's because 2.4.20.24.9 is the patched version that Redhat released.

  9. #9
    And yes it does work on an unpatched RH9 server.. Happened to have to recover one that was with that very exploit.. The c source was interesting..
    -Mat

  10. #10
    I've read a lot of "how to" kernel updates and really want to do it myself, but it looks dangerous and I am.. scared

  11. #11
    blackmoont, you can always try RPM versions of the kernel. If you use Red Hat then you can use up2date to upgrade your kernel automatically..
    ./HaShoo

  12. #12
    Yes, I am using Red Hat 9, but is there any risk if I use up2date?

  13. #13
    > Yes, I am using Red Hat 9, but is there any risk if I use up2date?

    Only if you compiled any modules against the kernel. It's more common in a desktop situation than a production server, but if you have any customizations to the kernel then you may have issues.

    If you installed default Red Hat, and it worked, then you're fine. If you're on a hosted platform, hopefully your hosting company isn't stupid enough to put you on hardware that requires custom builds.

  14. #14
    My server is placed at an American datacenter. I am using Red Hat 9 and Apache compiled with phpsuexec, cPanel. That's all. Is there anything dangerous if I run up2date? Please give me some comments and let me be brave enough to update the kernel myself.

  15. #15
    Argg, I have about 300 hosting accounts on my 2 servers, so if I do something wrong, my neck will be cut off.
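
The version check from post #3, combined with the vendor-backport point from post #8, as an added example that is not part of any post in this thread: it classifies a `uname -r` string against the two fix points the thread names (upstream 2.4.23 and the Red Hat 9 build 2.4.20-24.9). The function names and result labels are assumptions of the example, and the sample release strings are constructed.

```shell
#!/bin/sh
# Added example: classify a `uname -r` string against the fix points named in
# this thread. Function names and result labels are assumptions of the example.

# ver_lt A B: succeeds when dotted numeric version A sorts strictly before B.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$first" = "$1" ]
}

classify_kernel() {
    rel=$1
    base=${rel%%-*}                          # upstream part, e.g. 2.4.20
    case $base in
        2.4.*) ;;
        *) echo out-of-scope; return 0 ;;    # the thread only covers the 2.4 series
    esac
    if ! ver_lt "$base" 2.4.23; then
        echo fixed-upstream; return 0
    fi
    case $rel in
        *-*) vendor=${rel#*-} ;;
        *)   echo needs-update; return 0 ;;  # plain upstream build older than 2.4.23
    esac
    # Keep the leading numeric part of the vendor build: "20.9smp" -> "20.9"
    vendor_num=$(printf '%s\n' "$vendor" | sed 's/[^0-9.].*$//')
    case "$base/$vendor_num" in
        2.4.20/*.9)                          # Red Hat 9 build numbering
            if ver_lt "$vendor_num" 24.9; then echo needs-update
            else echo fixed-redhat-errata; fi ;;
        *)  echo check-vendor ;;             # backport status not visible in the string
    esac
}

# Constructed sample strings, followed by the running kernel.
for k in 2.4.22 2.4.23 2.4.20-20.9smp 2.4.20-24.9 2.4.21-4.EL "$(uname -r)"; do
    printf '%-20s %s\n' "$k" "$(classify_kernel "$k")"
done
```

A `check-vendor` result means the version string alone cannot say whether the distributor backported the fix, so the vendor's advisory for that package has to be consulted.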
